Abstract
In this paper we introduce the concept of attack jungles, which is a formalism for systematic representation of the vulnerabilities of systems. An attack jungle is a graph representation of all ways in which an attacker successfully can achieve his goal. Attack jungles are an extension of attack trees [13] that allows multiple roots, cycles and reusability of resources. We have implemented a prototype tool for constructing and analyzing attack jungles. The tool was used to analyze the security of the GSM (radio) access network.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Specification of GERAN vulnerabilities (2007), http://www.3gpp.org/ftp/Specs/html-info/33801.htm
Abdulla, P.A., Čerāns, K., Jonsson, B., Tsay, Y.: Algorithmic analysis of programs with well quasi-ordered domains. Inf. Comput. 160(1-2) (2000)
Isograph AttackTree+ (2007), http://www.isograph-software.com/atpover.htm
Bistarelli, S., Dall’Aglio, M., Peretti, P.: Strategic games on defense trees. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 1–15. Springer, Heidelberg (2007)
Bistarelli, S., Fioravanti, F., Peretti, P.: Defense tree for economic evaluations of security investment. In: ARES 2006, pp. 416–423. IEEE Computer Society, Los Alamitos (2006)
Bistarelli, S., Peretti, P., Trubitsyna, I.: Analyzing security scenarios using defence trees and answer set programming. Electronic Notes in Theoretical Computer Science (ENTCS) 197(2), 121–129 (2008)
Brynielsson, J., Horndahl, A., Kaati, L., Mårtenson, C., Svenson, P.: Development of computerized support tools for intelligence work. In: Proceedings of ICCRTS (2009)
Goleniewski, L., Jarrett, K.W.: Telecommunications Essentials, Second Edition: The Complete Global Source, 2nd edn. Addison-Wesley Professional, Reading (2006)
Van Lamsweerde, A., Brohez, S., De Landtsheer, R., Janssens, D.: From system goals to intruder anti-goals: Attack generation and resolution for security requirements engineering. In: Proc. of RHAS 2003, pp. 49–56 (2003)
Amenaza Technologies Limited. A quick tour of attack tree based risk analysis using SecureITree (2002)
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2005)
Lippmann, R., Sheyner, O., Haines, J., Jha, S., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy (2002)
Schneier, B.: Attack trees. Dr Dobbs Journal 24(12) (1999)
Sheyner, O., Wing, J.M.: Tools for generating and analyzing attack graphs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2003. Sheyner, O., Wing, J.M, vol. 3188, pp. 344–371. Springer, Heidelberg (2004)
van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proc. of ICSE 2004, pp. 148–157 (2004)
Wisniewski, S.: Wireless and Cellular Networks. Prentice-Hall, Inc., Englewood Cliffs (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abdulla, P.A., Cederberg, J., Kaati, L. (2010). Analyzing the Security in the GSM Radio Network Using Attack Jungles. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification, and Validation. ISoLA 2010. Lecture Notes in Computer Science, vol 6415. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16558-0_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-16558-0_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16557-3
Online ISBN: 978-3-642-16558-0
eBook Packages: Computer ScienceComputer Science (R0)